Should You Encrypt Your Home Folder in Linux?

Encrypting your home folder protects against certain forms of illicit access

Illustration of lock on motherboard
Filo / iStock Vectors / Getty Images

Encrypting your home folder keeps your data and documents safe. Even though you must log into the system to access your files, a person accessing your computer through a USB-based live operating system could still mount your home folder and access your files. Encrypting your home folder prevents this circumvention of login-based security.

How to Encrypt Your Home Folder Manually

To encrypt the home folder manually, first back up your home folder.

Log in to your account, open the terminal, and install the ecryptfs-utils package.

Create a temporary new user with admin rights (i.e, authorized to invoke the sudo command). Encrypting a home folder while you're still logged in to that user can cause problems. Log in to the new temporary admin account to encrypt your normal account's home folder.

To encrypt the home folder, enter:

sudo ecryptfs-migrate-home –u “username”

where "username" is the name of the home folder you want to encrypt.

Log in to the original account and complete the encryption process. 

Follow the instruction to add a password to the newly encrypted folder. If you don't see it, enter:

ecryptfs-add-passphrase

and add one yourself. 

Delete or disable the temporary account you created and reboot your system.

Downsides to Encrypting Data

There are a few downsides to encrypting your home folder. They are:

  • Your computer may take a performance hit if your home folder is encrypted.
  • If your hard drive fails, it is much easier to recover the data if it isn't encrypted.
  • If you forget your username and password, you lose your data.